[clug] [OT] all text passwords == secure?

Sam Couter sam at couter.id.au
Mon Aug 27 06:12:18 MDT 2012


Angus Gratton <gus at projectgus.com> wrote:
> The best thing about using a password manager is zero password reuse (or
> password similarity), so password leaks or bad password storage
> practices have a much lower potential impact. The worst thing is that
> you have all your eggs in one basket, so to speak.

Depending on your password manager, that's an extremely low risk:
Passwords should be stored locally and the program should have no direct
remote attack vectors.

> There's a Sydney-based Microsoft MVP (I know, I know) called Troy Hunt
> who has written some posts about password management that I think are
> pretty good:
> 
> http://www.troyhunt.com/2011/03/only-secure-password-is-one-you-cant.html

That article is pretty good, but it completely fails to mention how to
generate the master password for the password manager.
-- 
Sam Couter         |  mailto:sam at couter.id.au
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C